Where to turn for answers?
A client called me a few weeks back cursing like Joe Pesci with Tourette's Syndrome. He had found himself defending against a maelstrom of security issues that had "become unmanageable" as he put it.
This was right at the time that we were dealing with yet another round of e-mail-borne worms and viruses, while simultaneously drowning in urgent doomsday warnings about the ASN.1 issue -- presented as the "Oh my Lord in Heaven" vulnerability by everyone and their grandmother.
My client was absolutely livid, and completely fed up with someone... he just didn't know whom. He was mad at the virus writers for launching malicious code, he was mad at his users for executing malicious code, he was mad at Microsoft for writing vulnerable code, he was mad at eEye for discovering vulnerabilities, and he was mad at me just because I was a security guy. After letting him know that I double my rate when I have to deal with angst, he dropped the last bit.
By Tim Mullen at SecurityFocus.
[ Read more ]